CSI: Cyber – The Internet of Everything

On February 18, 2014, CBS announced plans to launch a new spin-off of the franchise titled CSI: Cyber. A backdoor pilot episode aired on April 30 as a season 14 episode of CSI: Crime Scene Investigation. The new show’s executive producers are Carol Mendelsohn, Anthony E. Zuiker and Ann Donahue; it is inspired by producer Mary Aiken’s previous work as a cyber-psychologist.

The FBI’s team of cyber crime investigators, headed by Special Agent Avery Ryan (Patricia Arquette), works to solve cases involving the darknet and deep web. Avery, an esteemed Ph.D. cyber-psychologist, is in charge of the Cyber Crime Division at Quantico, Virginia. The team she leads, which includes Senior Special Agent Elijah Mundo, is tasked with solving Internet-related cyber-theft, cyber hacking, murders, sex offenses and cyber blackmail.

CSI: Cyber = #IoT #IoE

The Internet of Things’ (IoT) tender underbelly is placing it firmly in cyber criminals’ firing line, and individuals and businesses can expect their IoT infrastructure to experience increasing DDoS (Distributed Denial of Service) attacks.

CSI:Cyber attempts to capture the gravity of the situation as well as the carnage a cyber attack leaves in its digital wake.

As the Internet continues to be a growing presence in our digital lives, infiltrating everyday devices such as home security systems, TVs, automobiles, medical device, GPS and smart watches, the potential attack surface for DDoS attacks, sometimes combined with infiltration attempts, is growing exponentially.

Limited Options

By its very design, IoT is built with lightweight security. These devices rely heavily on shared libraries and a rapid development cycle. Because of their constraints, many IoT devices have limited options for firmware upgrades and other risk management features. The fact that they are also ‘always-online’ makes them highly susceptible to intrusion and attacks.

With IoT, individuals are posting personal or commercially sensitive information. It’s a complex question, how we are going to secure that data, especially with increasingly sophisticated attacks? Furthermore, hackers may be incentivized to infect IoT devices and use them as an army for botnet attacks. Additionally, the smokescreen of DDoS attacks used for covering up data exfiltration, market manipulation and extortion, are ever more present.

On average, a single attack can set an organization back from $52,000 to $52M given the loss of contracts, damage to reputation, damage to stock price, damage to credit rating and increased insurance premiums. With an ecosystem of still-developing protocols, a mass attack could be devastating to an individual, an extended family or an entire global enterprise.